We investigated this report. He was able to exploit a known security flaw that we were able to patch. The patch had not yet applied to the server.
If you ask our customers, they prefer we take a couple of extra days before we post a patch rather than have the public know about the problem.